Forbes subscribers warned of Magecart threat skimming credit card details

The notorious Magecart malware, that blights online stores by stealing payment card details from unsuspecting shoppers at checkout, has claimed another high profile victim.

Security researcher Troy Mursch raised the alarm on Twitter that the Forbes magazine subscription website had been compromised with malicious code that was siphoning off sensitive credit card information as users attempted to sign-up for the paper edition.

Unsuspecting subscribers would think they were entering their details to receive regular copies of the magazine, but what they didn’t know was that payment card numbers, expiry dates, three digit CVV/CVC security number were being grabbed by hackers, alongside their names, addresses, and phone numbers.

It appears that the attackers had planted their malicious code on a third-party website with the name fontsawesome.gq – presumably with the thought that if anyone took the trouble to examine the source code of Forbes magazine’s website they might conclude that it was related to the legitimate FontAwesome service, used by many websites to provide fancy icons.

Quite how hackers managed to plant the call to the obfuscated malicious JavaScript onto Forbes’s subscription page is currently a mystery, but questions will undoubtedly be asked as to whether the web server’s security was properly hardened and kept up-to-date.

Another theory is that Forbes may have been the victim of a supply-chain attack. Forbes is a customer of Picreel, a website analytics service, and this weekend it was discovered that Picreel had suffered a security breach that resulted in code used by thousands of websites being compromised.

Troy Mursch (who posts as @Bad_Packets on Twitter) made numerous attempts to alert Forbes of the problem on its subscription site.

A spokesperson for the company told The Register that it was not aware of any credit card information being stolen by the criminals, although an (Read more...)